package foo;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;

public class FileWithSink {

  String ip = "192.168.12.42";

  public void sinkMethod(String parameter) throws SQLException {
    System.out.println("Issue");
    Statement stmt = null;
    try {
      Connection con = DriverManager.getConnection("");
      stmt = con.createStatement();
      stmt.execute("select FNAME, LNAME, SSN from USERS where UNAME = " + parameter); // non-compliant: taint parameter

    } catch (Exception e) {
      // ...
    } finally {
      if (stmt != null) {
        stmt.close();
      }
    }
  }

}
